V1.1

Date of issue: 30/03/2021. Changes from v1.0.

Company

Collabora is an IT global consultancy company, specialized in open source software. Our main office is in The Platinum Building, St John's Innovation Park, Cambridge, United Kingdom.

If you have any queries in connection with how we use your data, you can contact our Data Protection representative by emailing data@collabora.com or phoning one of our offices. You can also contact our EU Representative, Olivier Potin at olivier.potin@collabora.com.

Our legal basis for processing your personal data:

We collect personal contact data when attending events, and trade shows, and via the contact form in our website. This data will be later used for leads and possible business opportunities.

When we collect and process Customer data, it is for contractual reasons only.

Where Customer employees' username and contact details have been used in a git commit, the legal basis is legitimate interest on the grounds that it is necessary to be able to trace the history of the software development and protect against malicious code being introduced.

The data we collect

We collect and process the following data to allow us to deliver this contract:

Transfer of data to third parties:

Our servers are located in the UK and Canada which are considered to already be bound by GDPR/DPA legislation. On these servers we host email, CRM (customer data management), Phabricator (task management system), Mattermost (internal messaging), Gitlab(source code management) and document storage.

We may occasionally use Google Docs and Hangouts to share information. This data transfer to Google servers in the United States of America is protected by Standard Contractural Clauses.

Data related to invoicing is processed by a 3rd party whose data servers are located in the United States of America. This data transfer is protected by Standard Contractural Clauses.

These 3rd parties are service providers (data processors) to Collabora and we only share information with them as part of regular business activities. In no case, does Collabora sell customer data of any kind.

Retention Period:

Collabora will keep all project related data for a period of 12 years from project completion.

Personal data entered into a git repository will be retained permanently.

Collabora will keep all financial records from the project for a period of 12 years from project completion year.

Collabora will keep data collected via contact forms in our website for 2 years.

Data collected from events, and trade shows, will be retained for a period of 6 months.

Your Rights

We operate under the UK Data Protection Act (DPA) 2018 which encompasses the EU GDPR regulation.

The data protection laws require us to make sure that the personal data we hold is:

1. processed lawfully, fairly and in a transparent manner;
2. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
3. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
4. accurate and where necessary kept up to date;
5. kept for no longer than is necessary for the purposes for which the personal data are processed;
6. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

To exercise any of the rights listed below, please contact us using data@collabora.com. In order to process your request, we may need to verify your identity for your security. In such cases, we will need you to respond with proof of your identity.

1. The right to access personal data we hold on you. At any point you can contact us to request the personal data we hold on you as well as why we have that personal data, who has access to the personal data and where we obtained the personal data from. Once we have received your request and verified who you are we will usually respond within one month. There are no fees or charges for the first request but additional requests for the same personal data or requests which are manifestly unfounded or excessive may be subject to an administrative fee.
2. The right to correct and update the personal data we hold on you.
3. The right to object to processing of your personal data or to restrict it to certain purposes only. You have the right to request that we stop processing your personal data or ask us to restrict processing. Upon receiving the request we will contact you and let you know if we are able to comply or if we have a legal obligation to continue to process your data.
4. The right to withdraw your consent to the processing at any time for any processing of data to which consent was obtained.
5. The right to request portability of data. You can request that personal data you have provided which is based on consent or for the performance of a contract and that that has been carried out by automated means be provided to you in a structured and machine-readable format.
6. The right to object. You can object to your personal data being used where the legal basis is legitimate interest or public interest or is being used for direct marketing.
7. The right to not be subject to decision based solely on automated processing.
8. The right to lodge a complaint with the Information Commissioner’s Office. You can contact the Information Commissioner’s Office on 0303 123 1113 or via email [ ] or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF. Alternatively, please contact the relevant supervisory body for the country you are resident.

Changes from v1.0

Update policy notice to reflect the UK leaving the EU and the EU changing the US status to non-adequate requiring an alternative method such as Standard Contractural Clauses to be put in place instead of Privacy Shield.